{"id":54515,"date":"2025-10-02T08:01:25","date_gmt":"2025-10-02T12:01:25","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=54515"},"modified":"2025-10-02T08:01:25","modified_gmt":"2025-10-02T12:01:25","slug":"whatsapp-phishing-vote","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/whatsapp-phishing-vote\/54515\/","title":{"rendered":"Phishing via WhatsApp under the guise of online voting"},"content":{"rendered":"

\u201cHi! My niece is in a contest! Can you vote for her? It means the world to her\u201d. Messages like this are common on WhatsApp \u2014 both in groups and private chats. Many people who aren\u2019t security-savvy will, without a second thought, click to help someone they don\u2019t actually know \u2014 and end up losing their account. In a recent investigation we found a new phishing campaign that has already hit WhatsApp users worldwide.<\/p>\n

Today we\u2019ll explain how the attack works, the potential consequences for victims, and how to avoid falling for it.<\/p>\n

How the attack works<\/h2>\n

Cybercriminals first prepare for the attack by creating convincing phishing pages purportedly hosting legitimate voting polls \u2014 in the example below for young gymnasts, though the scenario can be easily changed. The pages look genuine: they include photos of real participants, Vote<\/em> buttons and counters showing how many people have voted. Likely using AI and phishing-kits<\/a>, the attackers easily produce multiple language versions of the same site \u2014 we found the identical poll in English, Spanish, German, Turkish, Danish, Bulgarian, and other languages.<\/p>\n

Stage One: The Hook. <\/strong>On social networks, in messengers, or by email, the scammers use social engineering to direct you to a fake voting site. The pretext can be very believable, and the message may come from a friend or relative whose account has already been compromised. The request is usually personalized \u2014 in the first message the fraudster posing as your acquaintance asks you to vote for a certain contestant because they\u2019re their charge, friend or relative.<\/p>\n

\"First<\/a>

First you\u2019re lured to a fake voting page<\/p><\/div>\n

Stage Two: The Trap.<\/strong> When you click Vote<\/em>, you\u2019re taken to a page that asks you to quickly authenticate via WhatsApp. All you need do is enter the phone number linked to your messenger.<\/p>\n

Next they ask for your phone number associated with WhatsApp. The scammers even pretend to care about your data and \"your valuable time\"<\/a>

Next they ask for your phone number associated with WhatsApp. The scammers even pretend to care about your data and \u201cyour valuable time\u201d<\/p><\/div>\n

Stage Three: The Heist<\/strong>. The attackers exploit the one-time code login feature in WhatsApp Web. They enter the phone number you provided, and WhatsApp generates an eight-character single-use verification code. The attackers immediately display that code on the fake site with instructions: open WhatsApp, go to \u201cConnected devices\u201d (never mind that it\u2019s actually \u201cLinked devices\u201d in WhatsApp), and enter the code. For convenience, there\u2019s even a button to copy the code to the clipboard.<\/p>\n

For \"fast and easy authorization\" (read: WhatsApp account takeover) you only need enter the code shown on the site<\/a>

For \u201cfast and easy authorization\u201d (read: WhatsApp account takeover) you only need enter the code shown on the site<\/p><\/div>\n

At the same time, WhatsApp on your phone shows a prompt to link a new device by entering the code. Clicking that opens a warning that someone is trying to connect to your account, and a field to enter the code.<\/p>\n

Unfortunately, in their uncontrollable desire to help a complete stranger in the contest, many users don\u2019t carefully read WhatsApp\u2019s warning. They think, \u201cSomeone wants to link to my account? That\u2019s so I can vote \u2014 looks fine to me\u201d When the careless victim types the code into the app on their phone, the web session initiated by the attackers is activated.<\/p>\n

\"WhatsApp<\/a>

WhatsApp warns you that someone is trying to link to your account, but many users don\u2019t read the warning, and enter the verification code anyway<\/p><\/div>\n

If you enter that code, the attackers gain full access to your WhatsApp, as if you had logged in yourself \u2014 for example, from a computer alongside your phone. The attackers can view all your contacts, read conversations, send and delete messages in your name, and even take full control of the account. That opens up further possibilities for fraud: somehow extracting money from your contacts using your identity, or using your account to spread the same phishing link that trapped you.<\/p>\n

What to do if you think you\u2019ve been hacked<\/h2>\n

If you suspect you\u2019ve fallen for the scam and given attackers access to your WhatsApp account, the first thing to do is open the WhatsApp settings on your smartphone and go to Linked devices<\/em>. There you\u2019ll see all devices currently logged into your account. If you notice any unfamiliar devices or browsers, click on them to disconnect them from your account. Do this quickly \u2014 before the criminals can fully take over your account.<\/p>\n

We\u2019ve prepared a detailed guide<\/a> for such cases: it explains eight signs your WhatsApp account may be hacked, and provides step-by-step instructions on how to regain access even in difficult situations. We also have a similar guide for Telegram users<\/a>.<\/p>\n

How to prevent your WhatsApp account from being hacked<\/h2>\n